NSE6_FAC-6.1 Free Practice Test

A device or useridentity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentialis.
In this case, which user idendity discovery method can Fortiauthenticator use?

1. A. Syslog messaging or SAML IDP
2. B. Kerberos-base authentication
3. C. Radius accounting
4. D. Portal authentication

Correct Answer: D

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

1. A. Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal
2. B. Principal contacts idendity provider and is redirected to serviceprovider, principal establishes connection with service provider, service provider validates authentication with identify provider
3. C. Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider
4. D. Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication

Correct Answer: C

Which interface services must be enabled for the SCEP client to connect to Authenticator?

1. A. OCSP
2. B. REST API
3. C. SSH
4. D. HTTP/HTTPS

Correct Answer: D

Which method is the most secure way of delivering FortiToken data once the token has been seeded?

1. A. Online activation of the tokens through the FortiGuard network
2. B. Shipment of the seed files on a CD using a tamper-evident envelope
3. C. Using the in-house token provisioning tool
4. D. Automatic token generation using FortiAuthenticator

Correct Answer: B

Which EAP method is known as the outer authentication method?

1. A. PEAP
2. B. EAP-GTC
3. C. EAP-TLS
4. D. MSCHAPV2

Correct Answer: A